IEEE Access 2025

Automating IoT Data Privacy Compliance by Integrating Knowledge Graphs With Large Language Models

Kelvin Echenim and Karuna Pande Joshi

July 25, 2025

Regulatory compliance is mandatory for Internet of Things (IoT) manufacturers, particularly under stringent frameworks such as the General Data Protection Regulation (GDPR), which governs the handling of personal data. We introduce a novel framework for automating IoT compliance verification by integrating a Large Language Model (LLM) with a domain-specific Knowledge Graph (KG). The framework achieves two primary objectives: 1) leveraging the LLM to interpret natural-language compliance queries, and 2) employing a KG populated with synthetic GDPR scenarios to provide structured, up-to-date regulatory guidance, modeling obligations, permissions, and prohibitions for both deontic (normative) and non-deontic (factual) queries, thus mitigating biases and hallucinations inherent in language models. Evaluated on 50 representative GDPR compliance queries, our approach achieves high semantic alignment (mean BERTScore F1 of 0.89), with expert reviewers rating approximately 84% of generated compliance advice as fully or mostly correct. This work offers IoT manufacturers a scalable, automated solution for data privacy compliance.

BibTeX OWL Tweet Scholar

Type: Article

Publisher: IEEE

Organization: IEEE

Volume: 13

Note: Print ISSN: 2169-3536, Online ISSN: 2169-3536
DOI: 10.1109/ACCESS.2025.3586278

Downloads: 118 downloads